--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package libvirt/1.2.9-9+deb8u1
- From: Guido Günther <agx@sigxcpu.org>
- Date: Wed, 19 Aug 2015 13:22:58 +0200
- Message-id: <20150819112258.GA29416@bogon.m.sigxcpu.org>
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
the I'd like to update libvirt in unstable to fix the broken AppArmor
support, a crash during live migration and a error handling problem
leading lots of users into the wrong direction. The debdiff is attached
and all bugs are already fixed in either sid or experimental (due to the
g++ transition).
We also have to disable the test suite due to a libxml2 bug.
O.k. to upload to p-u?
Cheers,
-- Guido
-- System Information:
Debian Release: 8.1
APT prefers stable
APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index 5932017..5c79c12 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,24 @@
+libvirt (1.2.9-9+deb8u1) jessie; urgency=medium
+
+ [ Guido Günther ]
+ * [8e4cf5a] Teach virt-aa-helper to use TEMPLATE.qemu if the domain is kvm
+ or kqemu.
+ Thanks to Luke Faraone for the report (Closes: #786650)
+ * [ad1ff0b] Adjust gbp.conf for jessie
+ * [c830a54] Disable test suite due to libxml2 bug #781232 in jessie
+ * [be70aec] Fix crash on live migration
+ this supplements 07dbec0a64783f644854a22aa0355720f0328d17.
+ Thanks to Eckebrecht von Pappenheim (Closes: #7788171)
+
+ [ Felix Geyer ]
+ * [9fb6c59] Allow access to libnl-3 configuration (Closes: #786652)
+
+ [ Daniel P. Berrange ]
+ * [afae69a] Report original error when QMP probing fails with new QEMU
+ (Closes: #780093)
+
+ -- Guido Günther <agx@sigxcpu.org> Thu, 13 Aug 2015 15:56:49 +0200
+
libvirt (1.2.9-9) unstable; urgency=medium
* [4c14b83] qemu: Don't try to parse -help for new QEMU.
diff --git a/debian/gbp.conf b/debian/gbp.conf
index c97ab1d..3673a45 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,6 +1,7 @@
[DEFAULT]
upstream-branch=upstream/sid
-debian-branch=master
+debian-branch=debian/jessie
+dist=jessie
[gbp-pq]
patch-numbers = False
diff --git a/debian/patches/Allow-access-to-libnl-3-config-files.patch b/debian/patches/Allow-access-to-libnl-3-config-files.patch
new file mode 100644
index 0000000..6932e41
--- /dev/null
+++ b/debian/patches/Allow-access-to-libnl-3-config-files.patch
@@ -0,0 +1,30 @@
+From: Felix Geyer <fgeyer@debian.org>
+Date: Sat, 13 Jun 2015 10:22:40 +0200
+Subject: Allow access to libnl-3 config files
+
+Closes: #786650
+---
+ examples/apparmor/usr.lib.libvirt.virt-aa-helper | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+index bceaaff..60739d0 100644
+--- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
++++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+@@ -16,9 +16,16 @@
+ owner @{PROC}/[0-9]*/status r,
+ @{PROC}/filesystems r,
+
++ /etc/libnl-3/classid r,
++
+ # for hostdev
+ /sys/devices/ r,
+ /sys/devices/** r,
++ deny /dev/sd* r,
++ deny /dev/vd* r,
++ deny /dev/dm-* r,
++ deny /dev/mapper/ r,
++ deny /dev/mapper/* r,
+
+ /usr/lib/libvirt/virt-aa-helper mr,
+ /sbin/apparmor_parser Ux,
diff --git a/debian/patches/Fix-crash-on-live-migration.patch b/debian/patches/Fix-crash-on-live-migration.patch
new file mode 100644
index 0000000..9bd259c
--- /dev/null
+++ b/debian/patches/Fix-crash-on-live-migration.patch
@@ -0,0 +1,25 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Sat, 13 Jun 2015 10:38:26 +0200
+Subject: Fix crash on live migration
+
+this supplements 07dbec0a64783f644854a22aa0355720f0328d17.
+
+Closes: #7788171
+Thanks: Eckebrecht von Pappenheim
+---
+ src/qemu/qemu_migration.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
+index e18556f..87f3f1a 100644
+--- a/src/qemu/qemu_migration.c
++++ b/src/qemu/qemu_migration.c
+@@ -2746,7 +2746,7 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver,
+ QEMU_ASYNC_JOB_MIGRATION_IN) < 0)
+ goto stop;
+
+- if (STREQ(protocol, "rdma") &&
++ if (STREQ_NULLABLE(protocol, "rdma") &&
+ virProcessSetMaxMemLock(vm->pid, vm->def->mem.hard_limit << 10) < 0) {
+ goto stop;
+ }
diff --git a/debian/patches/series b/debian/patches/series
index fcb95a0..bac1f34 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -27,3 +27,7 @@ upstream/vbox-fix-a-bug-in-_machineStateInactive.patch
security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-.patch
security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-securi-14.patch
qemu-Don-t-try-to-parse-help-for-new-QEM.patch
+upstream/Teach-virt-aa-helper-to-use-TEMPLATE.qemu-if-the-dom.patch
+Allow-access-to-libnl-3-config-files.patch
+Fix-crash-on-live-migration.patch
+upstream/Report-original-error-when-QMP-probing-fails-with-ne.patch
diff --git a/debian/patches/upstream/Report-original-error-when-QMP-probing-fails-with-ne.patch b/debian/patches/upstream/Report-original-error-when-QMP-probing-fails-with-ne.patch
new file mode 100644
index 0000000..1f6dab7
--- /dev/null
+++ b/debian/patches/upstream/Report-original-error-when-QMP-probing-fails-with-ne.patch
@@ -0,0 +1,182 @@
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Mon, 15 Jun 2015 09:04:34 +0200
+Subject: Report original error when QMP probing fails with new QEMU
+
+If probing capabilities via QMP fails, we now have a check
+that prevents us falling back to -help parsing. Unfortunately
+the error message
+
+ "Failed to probe capabilities for /usr/bin/qemu-kvm:
+ unsupported configuration: QEMU 2.1.2 is too new for help parsing"
+
+is proving rather unhelpful to the user. We need to be telling
+them why QMP failed (the root cause), rather than they can't
+use -help (the side effect).
+
+To do this we should capture stderr during QMP probing, and
+if -help parsing then sees a new QEMU version, we know that
+QMP should have worked, and so we can show the messages from
+stderr. The message thus becomes
+
+ "Failed to probe capabilities for /usr/bin/qemu-kvm:
+ internal error: QEMU / QMP failed: Could not access
+ KVM kernel module: No such file or directory
+ failed to initialize KVM: No such file or directory"
+---
+ src/qemu/qemu_capabilities.c | 37 +++++++++++++++++++++++++++----------
+ src/qemu/qemu_capabilities.h | 3 ++-
+ tests/qemuhelptest.c | 2 +-
+ 3 files changed, 30 insertions(+), 12 deletions(-)
+
+diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
+index 9e0158c..b6144ea 100644
+--- a/src/qemu/qemu_capabilities.c
++++ b/src/qemu/qemu_capabilities.c
+@@ -1325,7 +1325,8 @@ int virQEMUCapsParseHelpStr(const char *qemu,
+ unsigned int *version,
+ bool *is_kvm,
+ unsigned int *kvm_version,
+- bool check_yajl)
++ bool check_yajl,
++ const char *qmperr)
+ {
+ unsigned major, minor, micro;
+ const char *p = help;
+@@ -1386,9 +1387,15 @@ int virQEMUCapsParseHelpStr(const char *qemu,
+ * using QMP probing.
+ */
+ if (*version > 1002000) {
+- virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+- _("QEMU %u.%u.%u is too new for help parsing"),
+- major, minor, micro);
++ if (qmperr && *qmperr) {
++ virReportError(VIR_ERR_INTERNAL_ERROR,
++ _("QEMU / QMP failed: %s"),
++ qmperr);
++ } else {
++ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
++ _("QEMU %u.%u.%u is too new for help parsing"),
++ major, minor, micro);
++ }
+ goto cleanup;
+ }
+
+@@ -2933,7 +2940,7 @@ virQEMUCapsInitCached(virQEMUCapsPtr qemuCaps, const char *cacheDir)
+ #define QEMU_SYSTEM_PREFIX "qemu-system-"
+
+ static int
+-virQEMUCapsInitHelp(virQEMUCapsPtr qemuCaps, uid_t runUid, gid_t runGid)
++virQEMUCapsInitHelp(virQEMUCapsPtr qemuCaps, uid_t runUid, gid_t runGid, const char *qmperr)
+ {
+ virCommandPtr cmd = NULL;
+ bool is_kvm;
+@@ -2964,7 +2971,8 @@ virQEMUCapsInitHelp(virQEMUCapsPtr qemuCaps, uid_t runUid, gid_t runGid)
+ &qemuCaps->version,
+ &is_kvm,
+ &qemuCaps->kvmVersion,
+- false) < 0)
++ false,
++ qmperr) < 0)
+ goto cleanup;
+
+ /* x86_64 and i686 support PCI-multibus on all machine types
+@@ -3215,7 +3223,8 @@ static int
+ virQEMUCapsInitQMP(virQEMUCapsPtr qemuCaps,
+ const char *libDir,
+ uid_t runUid,
+- gid_t runGid)
++ gid_t runGid,
++ char **qmperr)
+ {
+ int ret = -1;
+ virCommandPtr cmd = NULL;
+@@ -3275,13 +3284,16 @@ virQEMUCapsInitQMP(virQEMUCapsPtr qemuCaps,
+ virCommandSetGID(cmd, runGid);
+ virCommandSetUID(cmd, runUid);
+
++ virCommandSetErrorBuffer(cmd, qmperr);
++
+ /* Log, but otherwise ignore, non-zero status. */
+ if (virCommandRun(cmd, &status) < 0)
+ goto cleanup;
+
+ if (status != 0) {
+ ret = 0;
+- VIR_DEBUG("QEMU %s exited with status %d", qemuCaps->binary, status);
++ VIR_DEBUG("QEMU %s exited with status %d: %s",
++ qemuCaps->binary, status, *qmperr);
+ goto cleanup;
+ }
+
+@@ -3330,6 +3342,8 @@ virQEMUCapsInitQMP(virQEMUCapsPtr qemuCaps,
+ VIR_ERROR(_("Failed to kill process %lld: %s"),
+ (long long) pid,
+ virStrerror(errno, ebuf, sizeof(ebuf)));
++
++ VIR_FREE(*qmperr);
+ }
+ if (pidfile) {
+ unlink(pidfile);
+@@ -3370,6 +3384,7 @@ virQEMUCapsPtr virQEMUCapsNewForBinary(const char *binary,
+ virQEMUCapsPtr qemuCaps;
+ struct stat sb;
+ int rv;
++ char *qmperr = NULL;
+
+ if (!(qemuCaps = virQEMUCapsNew()))
+ goto error;
+@@ -3400,13 +3415,13 @@ virQEMUCapsPtr virQEMUCapsNewForBinary(const char *binary,
+ goto error;
+
+ if (rv == 0) {
+- if (virQEMUCapsInitQMP(qemuCaps, libDir, runUid, runGid) < 0) {
++ if (virQEMUCapsInitQMP(qemuCaps, libDir, runUid, runGid, &qmperr) < 0) {
+ virQEMUCapsLogProbeFailure(binary);
+ goto error;
+ }
+
+ if (!qemuCaps->usedQMP &&
+- virQEMUCapsInitHelp(qemuCaps, runUid, runGid) < 0) {
++ virQEMUCapsInitHelp(qemuCaps, runUid, runGid, qmperr) < 0) {
+ virQEMUCapsLogProbeFailure(binary);
+ goto error;
+ }
+@@ -3415,9 +3430,11 @@ virQEMUCapsPtr virQEMUCapsNewForBinary(const char *binary,
+ goto error;
+ }
+
++ VIR_FREE(qmperr);
+ return qemuCaps;
+
+ error:
++ VIR_FREE(qmperr);
+ virObjectUnref(qemuCaps);
+ qemuCaps = NULL;
+ return NULL;
+diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
+index a0bb5d3..d8d63a6 100644
+--- a/src/qemu/qemu_capabilities.h
++++ b/src/qemu/qemu_capabilities.h
+@@ -302,7 +302,8 @@ int virQEMUCapsParseHelpStr(const char *qemu,
+ unsigned int *version,
+ bool *is_kvm,
+ unsigned int *kvm_version,
+- bool check_yajl);
++ bool check_yajl,
++ const char *qmperr);
+ /* Only for use by test suite */
+ int virQEMUCapsParseDeviceStr(virQEMUCapsPtr qemuCaps, const char *str);
+
+diff --git a/tests/qemuhelptest.c b/tests/qemuhelptest.c
+index 975edf3..271fddc 100644
+--- a/tests/qemuhelptest.c
++++ b/tests/qemuhelptest.c
+@@ -58,7 +58,7 @@ static int testHelpStrParsing(const void *data)
+ goto cleanup;
+
+ if (virQEMUCapsParseHelpStr("QEMU", help, flags,
+- &version, &is_kvm, &kvm_version, false) == -1)
++ &version, &is_kvm, &kvm_version, false, NULL) == -1) {
+ goto cleanup;
+
+ # ifndef WITH_YAJL
diff --git a/debian/patches/upstream/Teach-virt-aa-helper-to-use-TEMPLATE.qemu-if-the-dom.patch b/debian/patches/upstream/Teach-virt-aa-helper-to-use-TEMPLATE.qemu-if-the-dom.patch
new file mode 100644
index 0000000..c128c71
--- /dev/null
+++ b/debian/patches/upstream/Teach-virt-aa-helper-to-use-TEMPLATE.qemu-if-the-dom.patch
@@ -0,0 +1,41 @@
+From: =?utf-8?q?C=C3=A9dric_Bosdonnat?= <cbosdonnat@suse.com>
+Date: Tue, 28 Oct 2014 14:42:34 -0600
+Subject: Teach virt-aa-helper to use TEMPLATE.qemu if the domain is kvm or
+ kqemu
+
+Closes: #786650
+---
+ src/security/virt-aa-helper.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
+index 9afc8db..1f299a0 100644
+--- a/src/security/virt-aa-helper.c
++++ b/src/security/virt-aa-helper.c
+@@ -341,15 +341,25 @@ create_profile(const char *profile, const char *profile_name,
+ int tlen, plen;
+ int fd;
+ int rc = -1;
++ const char *driver_name = NULL;
+
+ if (virFileExists(profile)) {
+ vah_error(NULL, 0, _("profile exists"));
+ goto end;
+ }
+
++ switch (virtType) {
++ case VIR_DOMAIN_VIRT_QEMU:
++ case VIR_DOMAIN_VIRT_KQEMU:
++ case VIR_DOMAIN_VIRT_KVM:
++ driver_name = "qemu";
++ break;
++ default:
++ driver_name = virDomainVirtTypeToString(virtType);
++ }
+
+ if (virAsprintfQuiet(&template, "%s/TEMPLATE.%s", APPARMOR_DIR "/libvirt",
+- virDomainVirtTypeToString(virtType)) < 0) {
++ driver_name) < 0) {
+ vah_error(NULL, 0, _("template name exceeds maximum length"));
+ goto end;
+ }
diff --git a/debian/rules b/debian/rules
index ed80e8d..6812719 100755
--- a/debian/rules
+++ b/debian/rules
@@ -129,14 +129,7 @@ override_dh_auto_configure:
dh_auto_configure -- $(DEB_CONFIGURE_EXTRA_ARGS)
override_dh_auto_test:
- export LD_PRELOAD=""; \
- export VIR_TEST_DEBUG=1; \
- [ -n "$(MAKE_CHECK)" ] || exit 0; \
- if ! dh_auto_test -O--builddirectory=$(DEB_BUILDDIR); then \
- cat ./debian/build/gnulib/tests/test-suite.log \
- ./debian/build/tests/test-suite.log; \
- exit 1; \
- fi
+ # Disabled due to #781232
override_dh_install:
dh_install
--- End Message ---